NO. 375 | 6 Post-GPT Phases, GitHub’s Private Key, New Assistant Interfaces


Exploring the intersection of security, technology, and society—and what might be coming next…

Standard Web Edition | Ep. 375 | March 27, 2023

Happy Monday! I hope you’re doing well.

I believe the explosion of intelligence we’re currently seeing is not just a tech event, but a civilizational event. To me, it’s the most disruptive thing to happen to humans—probably ever—and that’s why I’m thinking and creating so much around it. I thought about changing the structure of the show to emphasize this, but I think the ‘security, tech, and humans’ vibe is still the right characterization.

Thanks for being part of this. Let’s jump into the week!

MY WORK


🔥 6 Phases of the Post-GPT World — What I think is coming as a result of connecting GPT-4 to the internet. Don’t miss this one. MORE | SHARE IT

SECURITY NEWS


GitHub Key Rotation
GitHub rotated its private RSA SSH key after it was ephemerally exposed in a public repository. This only applies to its RSA key; its ECDSA and ED25519 keys were unaffected. The new key is SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s. MORE | KEYS

CISA Ransomware Warning System
CISA has created a new program that alerts critical infrastructure providers if they have vulnerabilities associated with ransomware campaigns. I absolutely love what CISA is doing right now. It’s like they’re a scrappy startup where most previous cybersecurity efforts in government were all Oracle. THE RVWP PROGRAM

Unpublished ChatGPT Plugins
My buddy Joseph Thacker found over 80 unpublished ChatGPT plugins by tinkering with the API. And he could not only view them but install them! He got with the security team and they fixed the issue very quickly. MORE | FOLLOW JOSEPH

ChatGPT Data Leak
ChatGPT had a situation last week where users were able to see chat histories and email addresses that didn’t belong to them. OpenAI said in their post-mortem that the issue was caused by a bug in the open-source Redis client. MORE | OPENAI’s POST-MORTEM

Sponsor
 

Get SOC 2 in Weeks Not Months

Let Secureframe unblock opportunities and accelerate your sales cycle without the need to invest in new resources or overburden your team.

From comprehensive compliance policy templates to over 150 integrations with your core technology services, the Secureframe platform significantly increases the speed with which organizations can confidently begin a SOC 2 audit, without increasing overhead or slowing your team down.

Schedule a personalized demo to let us show you how.


secureframe.com/ul

Zoom Paid $3.9 Million in Bounties
Zoom paid basically $4 million in bounties in 2022, which is a great number, but I always feel like the numbers are too low. Their total number with HackerOne since 2019 is over $7 million. They’re also rolling out their own vulnerability reporting system which they’re calling VISS, which will rank bugs based on 13 aspects of their impact. MORE

Cisco Patches IOS
Cisco has published its semiannual (twice a year) IOS and IOS XE security advisory bundle. It includes 10 vulnerabilities, including six rated High. Three of them can be exploited to cause a DoS condition remotely. MORE

The Last of Us in Real Life
The CDC says there’s a drug-resistant fungus running rampant at health care facilities, and they’re calling it an ‘urgent threat’. It’s called Candida auris, and cases tripled from 2020 to 2021, totaling 4,041. It kills one in three patients by invading the blood, brain, and heart. MORE

Sponsor
 

You’ve Got Assets? We’ve Got Answers

JupiterOne collects more asset data than any other provider, and shows you the relationships between those assets in seconds. It’s not just about connectors and data; it’s about the types of questions you can ask to get the relevant answers for your security program.

We go beyond endpoints, IP addresses, users, and devices, and ingest data from CSPs, SaaS apps, code repos, IAM policies, security controls, vulnerability findings, and more. This enables you to ask questions like: “What internet-facing applications are running systems affected by log4j, and who owns those systems?”

 

jupiterone.com/unsupervisedlearning

TECHNOLOGY NEWS


ChatGPT Now Connects to the Internet
Only a week after releasing GPT-4, OpenAI connected ChatGPT to the internet. A lot of us knew this was coming, but I thought it would take months, if not over a year. Nope, they did it in a week. What’s so extraordinary about it is they basically wrote a framework for replacing companies’ entire businesses as plugins. Or at the very least, it turned them into APIs. Suddenly it becomes very important to return great results in your API, because that might soon be all people care about. MORE 

Character.ai Enters the Chat
OpenAI has a new competitor called Character.ai that “offers AI chatbots that allow users to chat and role-play with, well, anyone — living or dead, real or imagined.” That’s compelling in a world full of loneliness and isolation. So you can talk to anyone from yourself, to Shakespeare, to Jean-Luc Picard. MORE | WEBSITE

Adobe Goes Generative
Adobe has entered the Generative AI space with its own offering called Firefly. It’s early, but the ability to select objects and areas and have the model create iterations is quite awesome. You can also select an area and tell it to make something completely new using text. MORE

Bing Visits Up 16%
Bing is up 16% in visits and Google is down 1% through February. I’d expected a more drastic hit, honestly, but I suppose that’ll take time. MORE

Altman Has No Stock in OpenAI
There are numerous reports now saying Sam Altman, the CEO of OpenAI, has no equity in the company. I guess that’s easier to do when you’ve got a couple hundred million in the bank. Still cool, though. MORE | SEMAFOR ARTICLE

Tesla Penalizing Night Driving
Tesla owners appear to be getting penalized for driving at night. Tesla maintains a safety score on every driver, and one user reported that their score went down because they drove home from the airport at 3AM. I’m not sure how I feel about this actually, but I do find it interesting. Like, is it intrusive? Yes. Is it likely accurate? Probably. MORE

HUMAN NEWS


Over 40% of Americans Support Banning TikTok
In other news, Americans also support eating healthy. Do they do it? That’s another matter. The biggest news last week on this front was seeing how bad it is for a democracy to have a country run by old people who know nothing about technology. MORE

South Korea Birth Rate
South Korea has the world’s lowest fertility rate. Experts cite the rising cost of living, prioritizing work over starting a family, and a marriage rate decline of over 35%. MORE

IDEAS & ANALYSIS


How AI Will Replace Today’s Degrees and Certifications 
Instead of degrees for completing X number of courses, AI will perform long, multi-day interviews on the topic of your degree… FULL THREAD

3 Protections for Knowledge Workers
I think there are three things that will postpone knowledge work replacement by AI for a given person.

  1. Be an SME
  2. Create the AI Tech
  3. Be a Polymath Implementer

AI systems need data and wisdom to put into the models, and it’s the SMEs that will be creating that for the foreseeable future. You’ll also need people to continue making the AI tech itself. And finally you have the generalists who are good with people, good with finding the hidden problems, and good at using the AI tools to solve those issues. Ask yourself which of these you are, and which your loved ones are going to be if they’re currently in school. FULL THREAD

Kurzweil is Looking Pretty Good Right Now
Kurzweil has said AI would reach human intelligence levels around 2029, and outpace us a billion-fold by 2045. People laughed at him for being way too early. Fewer people are laughing now, and there’s a real chance that he will end up not being aggressive enough in his estimates. KURZWEIL’S PREDICTIONS

NOTES


🔥 My best homie Jason Haddix has started his own newsletter! He’ll be talking in a voice all his own on the topics of hacking and security leadership. I’ve already seen a draft of the first issue and I can say for sure it’s going to be one of the best newsletters in our security space. Go sign up immediately! ANNOUNCEMENT | SIGN UP

I think I just decided not to drink at home. For me it’s purely a social, friends, conference, and Vegas thing from now on. Huberman was my tipping point. FULL THREAD

DISCOVERY


⚒️ MacGPT — A menubar option for invoking ChatGPT on Mac. MORE | by JORDI BRUIN

📢 [Sponsor] — Does it take you weeks or months to get SOC 2 compliant? Speed up your sales cycle using over 150 integrations and comprehensive policy templates. Make the business happy by getting compliant without slowing down the team. LEARN MORE

The Secret History of Elon Musk, Sam Altman, and OpenAI MORE

Sam Altman on the Lex Fridman Podcast MORE

How John Wick Changed Movies Through World-building MORE

Managers Exploit Loyal Workers Over Less Committed Colleagues MORE

📢 [Sponsor] — Can you answer complex questions about what assets you have, which are facing the internet, and who owns those systems so you can get them fixed if there’s a new vulnerability? If not, you should look at JupiterOne. It’s like a unified question-answering platform powered by your own assets. LEARN MORE

Someone hacked together a very early Her interface. MORE

The Age of AI Has Begun MORE

Here’s another crazy AI interface that gives you awesome things to say in real-time conversation. MORE

Choose What to Dream Tonight MORE

Real-time AI Detection of Feelings in Video MORE

Natural Language APIs Are Coming MORE

A Dozen Things I’ve Learned from Charlie Munger About Moats MORE

RECOMMENDATION OF THE WEEK


Don’t Fret
All this AI stuff is exciting, but it’s also depressing. Especially for those who like human-based, personal, and cozy communities. Don’t worry. This is going to change things for the worse in many ways, but it’ll improve things as well. And there will be many movements that push to put AI (and tech in general) in the background of human interactions. I’ll likely be one of them. AI was going to come no matter what. It was only a question of when. It’s up to us to find ways to use it to amplify our humanity rather than squelch it. We can do that. And we need your help—Tim.

 
APHORISM OF THE WEEK


“The future is not some place we are going, but one we are creating.” 

John Schaar




